Manalyze report for f98c5c9a31bc0965f1e0496dc07d5f2773f7d54211138c9f8b3e3c78f8bd0779

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Aug-23 03:54:47
Detected languages	English - United States
CompanyName
FileDescription	English version
FileVersion	`0. 0. 0. 0`
InternalName
LegalCopyright	Varset
LegalTrademarks
OriginalFilename	Quas
ProductName	QUest ADB Scripts
ProductVersion	`6.1.0.0`
Comments

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: abyssmedia.com https://www.abyssmedia.com www.abyssmedia.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW`
Info	The PE's resources present abnormal characteristics.	`Resource SRC is possibly compressed or encrypted.`
Malicious	The file contains overlay data.	`15594768 bytes of data starting at offset 0x1c5a00.` `The file contains a Zip Compressed Archive after the PE data.` `Overlay data amounts for 89.3539% of the executable.`
Malicious	VirusTotal score: 25/71 (Scanned on 2026-03-31 17:47:10)	`Antiy-AVL: Trojan/Win32.Agent` `Bkav: W64.AIDetectMalware` `CTX: exe.trojan.artemis` `ClamAV: Win.Exploit.Exploitx-10036090-0` `DeepInstinct: MALICIOUS` `ESET-NOD32: BAT/Agent.X potentially unsafe application` `Elastic: malicious (moderate confidence)` `GData: Win64.Trojan.Agent.O9JSPB` `Google: Detected` `Gridinsoft: Ransom.Win32.Sabsik.cl` `Ikarus: Trojan.Win64.SnakeKeylogger` `Jiangmin: RemoteAdmin.RDPWrap.bz` `Lionic: Trojan.Win32.Generic.4!c` `McAfeeD: ti!F98C5C9A31BC` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Rising: PUA.Agent/BAT!8.135E1 (CLOUD)` `Skyhigh: Artemis` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!AD7258ACB2CF` `Varist: W64/ABApplication.EMYO-2478` `Webroot: W32.Malware.gen` `Zillya: Tool.RDPWrap.Win32.139` `alibabacloud: Trojan:Win/Agent.X`

Hashes

MD5	`ad7258acb2cfddcbc368068c11be431f`
SHA1	`b1a633adb45fc3e738732c44649406c10a53faa9`
SHA256	`f98c5c9a31bc0965f1e0496dc07d5f2773f7d54211138c9f8b3e3c78f8bd0779`
SHA3	`b1d407b659874bd5e9a55dedda3ca3be91144cc9ed5fb43083b7407803d65074`
SSDeep	`393216:cRHq4JEY3JsvxxHYJYd6kI62+Fm8g74iLVgK9jRtu6Y:EK4JEGspxHwYdXr2csRVNRUV`
Imports Hash	`aeec5a831c2ac4808a8f0442572aa934`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2021-Aug-23 03:54:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.2`
SizeOfCode	`0x5d600`
SizeOfInitializedData	`0x168000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000005DE50 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`5.2`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1d7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bbcf851ee4be36c183e16dcb2b3f25e9`
SHA1	`b58a12daf6f059a7b697f026f526a878e21fc835`
SHA256	`6915d9f9affc0d489404671384d9f8a9c58c5d9a29ada6f27be9e5cd5a8d0e83`
SHA3	`e5f9542bdc0a4e8959444a584f894681cf37068d3e9dc51ab0c143567aaa4f31`
VirtualSize	`0x5d590`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5d600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.83885`

.data

MD5	`e819953935465fd0dffd652ab10b7873`
SHA1	`78d8ac0cba793786ac9c992bb866fdbf4eddc33f`
SHA256	`dbb7d5d56ad01049985d8a17c3ed0300547428fe3e24989730913908348cdcd8`
SHA3	`d04b56cc19d81fc9be7b75eeb4a9c5f08b69a16dd45adde243d216dd538fa8aa`
VirtualSize	`0xd8a8`
VirtualAddress	`0x5f000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x5da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.07225`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9530`
VirtualAddress	`0x6d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`6ca4f4a870d1bf050368890d44c58e9b`
SHA1	`61411e7595fd8d6546b046b42bddc49cac7d1d3d`
SHA256	`f2a693968fcbfc10bea14eb02f6cb565a2963953faf0b10aff6909b1920abc05`
SHA3	`9d3be9538ca275cea57b5bc8d9bdf146485b46f818e6c64a2f29b3e291de1c94`
VirtualSize	`0x1654`
VirtualAddress	`0x77000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x6b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00396`

.didata

MD5	`b889b1948485c983b942a5d2b8adbb18`
SHA1	`4d02c10adee1ff3a09b63c1e0c050092ed0ec903`
SHA256	`e7e22126be265319b573fde763b4f9603a7f472e1919187f8f20a4006b8ae5f8`
SHA3	`74de07f12693fc0b379939ed4a1f1a203f1af13831867527bb0d14c3a2f61f7d`
VirtualSize	`0x18c`
VirtualAddress	`0x79000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.09209`

.edata

MD5	`1250161d215466bb562ff40e3fa41939`
SHA1	`fc7f295df0bb4618a099a3a5c965c1b98369a889`
SHA256	`65c6763862249cea58d4766b765ba69714d2cbd9e8662731f8587986fb9e277f`
SHA3	`ee993661d5325b1544eee809c83ee829f89b07e7fedf7d1fc24d61f3d1225182`
VirtualSize	`0x96`
VirtualAddress	`0x7a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.81422`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1a0`
VirtualAddress	`0x7b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`cf96fed07ac94990c072737327ba105d`
SHA1	`67497d336f49f3ba81c5fe05480228aa06f54281`
SHA256	`f5d17f66880ff8127eb876b7990967feaebf432c3bae4e015f688241210fcb11`
SHA3	`65f835154510f35be20cabf7b649c9fe295290e5bb3134a2b17c0bd30de82246`
VirtualSize	`0x28`
VirtualAddress	`0x7c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.pdata

MD5	`e3956079673b0b0fc3468d3dc8f9241b`
SHA1	`3b3bb80b57dbff6b5101fa96b08e4dd94c0d2d7b`
SHA256	`176f832fa42986a19d0e05f176e105ef831b2648ab612b882987fea023d19985`
SHA3	`fc3acadaeddeb0fb5c3acea2bdf58742d26ad597d72861042f69543877ab0fb0`
VirtualSize	`0x5448`
VirtualAddress	`0x7d000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x6d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60132`

.rsrc

MD5	`6e1dcd4918590a6c4351fe55966f8430`
SHA1	`6e9c04a5762bd602d6b6c6ba5f7473afda923974`
SHA256	`43d462cda3981ad0b5e37952b3b842bdcfac1c17ac2104ad100ef2a061d3d921`
SHA3	`e9c9b7e1542d3cb2bfd623c850bbee426488949e416ed55755790da65dc87c3e`
VirtualSize	`0x1530a0`
VirtualAddress	`0x83000`
SizeOfRawData	`0x153200`
PointerToRawData	`0x72800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.84722`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
user32.dll	`MessageBoxA` `CharNextW` `LoadStringW`
kernel32.dll	`Sleep` `VirtualFree` `VirtualAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `SwitchToThread` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
kernel32.dll (#2)	`Sleep` `VirtualFree` `VirtualAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `SwitchToThread` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
user32.dll (#2)	`MessageBoxA` `CharNextW` `LoadStringW`
kernel32.dll (#3)	`Sleep` `VirtualFree` `VirtualAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `SwitchToThread` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
SHFolder.dll	`SHGetFolderPathW`
kernel32.dll (#4)	`Sleep` `VirtualFree` `VirtualAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `SwitchToThread` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
msvcrt.dll	`memcpy`
kernel32.dll (delay-loaded)	`Sleep` `VirtualFree` `VirtualAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `SwitchToThread` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x79060`
DelayImportAddressTable	`0x79078`
DelayImportNameTable	`0x790a8`
BoundDelayImportTable	`0x790d8`
UnloadDelayImportTable	`0x790f8`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x71d68`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0xf0a0`

TMethodImplementationIntercept

Ordinal	`3`
Address	`0x3d640`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xac02`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98184`
Detected Filetype	PNG graphic file
MD5	`58ec038190b64dd1043a11c12df55763`
SHA1	`b5833602f9425864ee20d159f98a9029e750a069`
SHA256	`30815ecc28d78e33932912f6799e610ad7f966803f00155d907e755e797bedd6`
SHA3	`ae5961402fb949f510c3f62eff781c2979abd47be6a5999510ca9ee989e7e7c2`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82404`
MD5	`8c6ca6241796b501a22962c46678ae56`
SHA1	`508c50dc8a7100f450838ca8ac697b4aeb41262e`
SHA256	`69fb8ce7a666c3951017166a64eb37b5735d811917084354902d0583377125ef`
SHA3	`2fa7f78f78228e16016ea119bcde58bd0f0cd6e99a2a250e49f625f6fcb7750e`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98618`
MD5	`a0a981ef838bad21a9093ef8d84f5288`
SHA1	`a2ac4a7265ab17c3f3e5af97979bda7d8128ab9e`
SHA256	`3261e452543a1ea4edd9ce448b20e2b7e7cb13304d2aa402d7dcff16b0f8ff2f`
SHA3	`99b346d38bc2366b67a9853fd1e84a5078b551202e0eb8cbc13a93170e721d2d`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06207`
MD5	`ab2746dd21c815d37e758f51f7e1ea88`
SHA1	`500c2134253c0a6e2938ee27dfcb877ed73390d6`
SHA256	`21be763de76b1fa40f3172f9eba5b10a928ee07a5ea347cacfa21cddd144bad3`
SHA3	`a0dbbc26755ddc430852c2273eb873b74f69b75d1d4d0c9252c5287e6b53776b`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19499`
MD5	`ea611d8ea6abd6b5ba6e957439f123cf`
SHA1	`394a0847a21d4c623bececd493fadc8b20360298`
SHA256	`851fa729d9c911bb698e4f79d07d1489a63b838373a8d17738a2e7fbdf13e47c`
SHA3	`131434b299c9eaef35ec7c47a97f0e119acd475781184beff453a7e5551ec327`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40147`
MD5	`702b9048ec4ed65d1e9210b7d72b4c19`
SHA1	`dd282383c1aecaf98f7c570198ea7164cacc4e25`
SHA256	`b5d35c2c48fa1b8723b5892e08d37d3029dde6a2029f7781841c5c08ec5c5664`
SHA3	`3ae781d226707c055655be4b94a6b6c594a356d0e58213d4aa547c674fe971b9`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55494`
MD5	`bb0523f2f17f4a28008e03c85ea742cb`
SHA1	`31aeb0e979bb858632187dc35fa4de662064beb2`
SHA256	`15ceca5bef51140dc599d132cf20ec90fe6598a578e7b464c0f9e9489c0eb9c6`
SHA3	`ecbc54e46868ff0e7da8ae71f19262ecba5c7283802268b984052a2490308147`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x304`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43355`
MD5	`21037384ad483e69b50de22d42afa88e`
SHA1	`dc73b5a1a8f5ad2cb4fbdb55f14f2144e6abd603`
SHA256	`ef67f425106d47c1644ef43ccb088df953dd79e7dc62481be71b202f0f6a1450`
SHA3	`a9e56094ac401ea4b2b0090b684ee045348ecf141f5bbe375f74d47289cc0abc`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2023`
MD5	`2c445e7460778069a108bfa6e5838bf4`
SHA1	`ada7c52ba585077d914fb80b269ec8a841801795`
SHA256	`67fa84ed1924419c10197924c66863e6a229a1e590b17e32bde70bb75a809f82`
SHA3	`266c4ad63b3566332930feba77a9fb887467da0eb433709aa903dd5b70f234ec`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34911`
MD5	`4a1e6314536c88cfa0467bf5b0cc0dd1`
SHA1	`34d0696c00ac0a6e0171d94cdb9cb2b3bc662afb`
SHA256	`dbd0defe0cb0baca38eba086f1db49f41b260ac4f9cd2d6cdaed54074f04e2f9`
SHA3	`f1cc84f17e27543fee905fa4c85e54deef05696a42b067f54e122085710e76d2`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x298`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3725`
MD5	`c720cb619e54e5f7f44478a85c79c55e`
SHA1	`682251e8a19c36f18c28e6c94fb5a6869290145d`
SHA256	`70d6cea09f844aacee85056fcc922123c3be4674c6c6a802a41dab839de2db91`
SHA3	`85f75d3a86a498c7488dd14d2e4fdd8fd0a46cd55d76aea721a71745f02922c9`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27126`
MD5	`f34f4b2fbffb2b2dc74250b07c7dbc42`
SHA1	`4ca332f32fa8678103b78406f05e3e3e8b31993b`
SHA256	`78160f5ba775c340c1c5dcdfe1cf96d0190a2d49090d4acba36acb041e2b825f`
SHA3	`640df8a9b7437cb1c4926e5c37d7ba48534c9a48e3104dc14e1b9610afda14f1`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35594`
MD5	`bc06ca47ee6f8d20c4389834f53a44f4`
SHA1	`102cf0807762abbf7250c533692c282d045a5239`
SHA256	`e78299e236878f8931b75a5cb1ef7a566f6d2e204d6a3ab5a40d01df44709545`
SHA3	`c9ace61db2f1daf8a5203b1d42290d62e58289f030e2946a1e32b002ccdf530c`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28919`
MD5	`0cc5ea1dc96f98e878fcf0230bd0983c`
SHA1	`efec3eb732bedc1c6ff61bd8deeac727ea8e2ecf`
SHA256	`9dcff67237cae3374ea8485e09302cc03947d46ddd08c195b93cd7ce28b2ae87`
SHA3	`f9eb2e9ec6a3b0e29c87f5f0ac8c3a8dd08fb8ce403e2cc8ee29af8d96cb3e11`

OPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3609`
MD5	`feaed2f2fd8bc7a1b0f3ca92ac56cf9f`
SHA1	`9f1d0cec91aae31ff2a47990a1a048557cf887c0`
SHA256	`16f2920bd0459a0ef536a8a8c54bb5f033f424d9071a6e79c0d1d005d69c1ee9`
SHA3	`f941400c116cf22043c2c8303187d4da2000d97223d08b8e5c990e0bb25491d6`

PLATFORMTARGETS

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`598f4fe64aefab8f00bcbea4c9239abf`
SHA1	`688934845f22049cb14668832efa33d45013b6b9`
SHA256	`9b4fb24edd6d1d8830e272398263cdbf026b97392cc35387b991dc0248a628f9`
SHA3	`2951e8c89ecc8e8aa730f646caa10afd48f0be1353aaf5cc35815497dc6ba0db`

SRC

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12e060`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99447`
MD5	`3532ef8e22f241c65e180c48d617e1ee`
SHA1	`61087dc2fd234a6f39c9b7ac6483dd356f39a237`
SHA256	`abda67d2904066b21a20ac2a568edd6427d5638b316af97a4814be9dc818d7ff`
SHA3	`3bd2efd2c22aed35776bba5ebabc5a479539e6f1852bd7555a994c77f9508a28`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77685`
Detected Filetype	Icon file
MD5	`dbb59c13cc4025b3508c3950b8098a57`
SHA1	`2bea6263e4f29f0b61dc1a15c102e0f1d57077c7`
SHA256	`ba9a4d315a1c238a43d2db50fc961f4d2e1fe36148460eb2d715d65b85e69663`
SHA3	`ac7ecf6eab7e25556442dc85be049735a414451c28a571d8b42f40522fa00bf6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24249`
MD5	`c54c9d065d6d1137690b4eaa20dbc4b7`
SHA1	`a27e4245e72b673c2e2a5333e9163ce0b0804f2d`
SHA256	`4a2de1f12eafd2522fb56c172c57c98348733123c71fc2dbb725a1d71b686fd3`
SHA3	`0cad94ba65f8f4242cd1926641178f91a30b37910b5698edd3dc810344ba1e5c`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x38d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35941`
MD5	`37bc3d245438a70b3c550b9cfa4e265a`
SHA1	`d660d7c95b25fef3b18df50f5a88bb03f09f1123`
SHA256	`d6fc1237c062e6a39a07a4fef2f0fd8696e4589bf62b79dbe02b8eae535ab69b`
SHA3	`d076e833b9bb5d4f5bfa286f5b3f9a3e3c281efe2f31f47c6c6de2bddf533e3f`

String Table contents

Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Server 2012
Windows 8
cmdln
MYFILES
Error loading resources.
Could not create process.
Quick Batch File Compiler Runtime Module Version 5.x
Copyright (C) 2004-2021 Abyss Media Company, https://www.abyssmedia.com
Cannot assign a %s to a %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid file name - %s
%s.Seek not implemented
Stream write error
The specified file was not found
Argument out of range
Item not found
Duplicates not allowed
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
Method called on disposed object
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
'%d.%d' is not a valid timestamp
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	6.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName
FileDescription	English version
FileVersion (#2)	0. 0. 0. 0
InternalName
LegalCopyright	Varset
LegalTrademarks
OriginalFilename	Quas
ProductName	QUest ADB Scripts
ProductVersion (#2)	6.1.0.0
Comments

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x47b000`
EndAddressOfRawData	`0x47b1a0`
AddressOfIndex	`0x461574`
AddressOfCallbacks	`0x47c020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!

Leave a comment

No comments yet.